Just tried to see infra:home and infra:logs work, and they work in my environment. Can you make sure the identity object that shows in Kibana logs actually has the hidden apps?
In Kibana server logs, try to login with the user that is supposed to have those apps hidden, and look for this log line:
received identity payload: {“x-ror-available-groups”:[“ROR (admin)”,“Infosec”],“x-ror-kibana_index”:“.kibana_infosec”,“x-ror-kibana-hidden-apps”:[“readonlyrest_kbn”,“timelion”],“x-ror-kibana_access”:“rw”,“x-ror-username”:“admin”,“x-ror-current-group”:“Infosec”}